| Subject | Re: [Firebird-Architect] External engines - security |
|---|---|
| Author | Adriano dos Santos Fernandes |
| Post date | 2007-10-19T14:42:56Z |
Roman Rokytskyy escreveu:
think more on this before a conclusion.
I was based in Oracle that USER = SCHEMA.
For FB, what we will really need is this (one classloader per schema,
since same class name may exist in different schemas), when we have schemas.
Adriano
>>>> Sorry, but I'm not understand your question about J2SE security andI was talking about user that *created* the procedure, but I should
>>>> fbserver.exe.
>>>>
>>>>
>>> Can one tune J2SE security on per-process basis ? I.e. - allow some process
>>> to do something (load java class and run it, for example). Or how it is worked ?
>>>
>> Yes, each process loads one JVM and AFAIK, each ClassLoader (one for
>> each DB user) can also have different security policies.
>>
>
> Why do we need classloader-per-user scenario? In what case we give an
> execute permission to some particular procedure to a particular role but
> you wich to apply some particular security policy on the code you
> execute on behalf of that user? Why GRANTs and policy-per-database is
> not enough?
think more on this before a conclusion.
I was based in Oracle that USER = SCHEMA.
For FB, what we will really need is this (one classloader per schema,
since same class name may exist in different schemas), when we have schemas.
Adriano